southeast-asia-arrival-card

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate travel-form helper, but it handles passport and travel data and provides government-form automation guidance without enough privacy and final-approval safeguards.

Install only if you are comfortable using an assistant with passport, itinerary, and lodging details. Prefer manual entry or redacted uploads, verify every government URL yourself, review all extracted fields before use, and do not allow any automation to submit forms or save confirmations without explicit final approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The skill goes beyond passive guidance and documents end-to-end automation for registration, submission, email verification, and confirmation retrieval on official immigration sites. That expansion increases the chance an agent will process highly sensitive identity and travel data and perform consequential actions on behalf of a user without strong consent, verification, or safety controls.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The multi-site browser automation framework is capable of navigating government portals, creating accounts, filling forms, and submitting sensitive immigration data across several jurisdictions. In this context, that is dangerous because it enables high-impact external actions using passport and travel information, while the skill lacks guardrails around authorization, data handling, site changes, and submission correctness.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The guide gives conflicting instructions about whether a personal photo must be uploaded: earlier it states that profile setup requires uploading a personal photo, while later the FAQ says no passport photo, files, or photos are required. In a travel-compliance workflow, contradictory instructions can cause users to submit incomplete declarations, waste time at check-in or immigration, or disclose unnecessary personal data to unofficial sites while trying to resolve the discrepancy.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The activation phrases are broad enough to trigger on common travel or visa-related conversation, increasing the likelihood that the skill is invoked unexpectedly. Because this skill solicits passport, itinerary, and contact data and may steer users toward automation, accidental activation raises privacy and misrouting risk.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill describes automated handling of passport details, contact information, health declarations, and confirmations for government sites, but does not provide explicit warnings about privacy, credential safety, legal responsibility, or the risk of submitting sensitive data through automated tooling. Users may be encouraged to expose or transmit highly sensitive information without understanding the consequences.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger phrases are broad enough to activate on generic travel or visa conversations, causing the skill to collect or solicit passport, itinerary, and contact details outside its narrow intended use. In a skill that handles highly sensitive identity and travel documents, overbroad invocation increases unnecessary data exposure and raises the chance of users disclosing personal information in the wrong context.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill directs automatic extraction of passport, flight, and hotel-booking data—highly sensitive PII—without an explicit privacy notice, consent flow, retention policy, or minimization guidance. Because the skill context is document processing for immigration/travel, users are likely to provide passport images and itineraries, making the absence of clear handling safeguards especially dangerous and increasing the risk of oversharing, unauthorized retention, or downstream misuse.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document provides an automation framework for submitting highly sensitive personal and travel data to government immigration websites, but it does not clearly warn users that the automation will transmit passport, identity, itinerary, and contact information to third-party government systems. In this skill context, the risk is elevated because the example code normalizes end-to-end submission flows, email verification handling, and confirmation saving, which can encourage users to run privacy-impacting automation without informed consent or awareness of data-handling consequences.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The skill instructs collection of extensive identity, passport, itinerary, and contact data that is sufficient to create a detailed travel dossier. Even in natural-language form, encouraging centralized collection of this data without minimization, masking, retention limits, or handling instructions creates a meaningful privacy and leakage risk.

Ssd 3

Medium

Confidence: 92% confidence
Finding: The automation section explicitly recommends saving PDFs, screenshots, emails, QR codes, and other confirmation artifacts tied to a traveler's identity and trip. These materials can expose passport-linked travel records and may be mishandled, stored insecurely, or leaked if copied into chat histories or automation logs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal